Communicating by means of a mobile terminal, such as a mobile phone, via a public land mobile network (PLMN; also referred to as a mobile or cellular communications network herein) operated by a mobile network operator (MNO) generally requires the mobile terminal to be equipped with a secure element for securely storing data uniquely identifying the user of the mobile terminal (also called subscriber). For instance, in the context of a mobile terminal configured to communicate according to the Global System for Mobile Communications (GSM), currently the world's most popular standard for mobile communications systems, the secure element is called a subscriber identity module (SIM) and is usually provided in the form of a smart card. According to the GSM standard, the technical features of which are defined by a large number of interrelated and mutually dependent specifications published by the ETSI standardization organization, the SIM contains subscription credentials for authenticating and identifying the user of the mobile terminal, including in particular an International Mobile Subscriber Identity (IMSI) and an authentication key Ki. These subscription credentials are generally stored on the SIM by the SIM manufacturer/vendor or the MNO during a SIM personalization process prior to providing the user of the mobile terminal with his SIM. A non-personalized SIM is generally not suited for use in a mobile terminal, i.e. the use of the services provided by a PLMN with a non-personalized SIM without the necessary subscription credentials is not possible.
One particular field of application of secure elements, such as SIMs, eUICCs, UICCs and the like, which is expected to grow rapidly in the near future is M2M (machine-to-machine) communication, i.e. the communication between machines over a cellular communications network without human intervention, also called the Internet of things. In M2M communication data is automatically transmitted between many different types of machines equipped with a secure element in the form of a M2M module, such as TV systems, set top boxes, vending machines, vehicles, traffic lights, surveillance cameras, sensor devices, and the like. It is foreseeable that at least for some of these devices it will not be possible or at least very difficult to provide the secure element beforehand with the necessary subscription credentials, including for instance an IMSI. This is because in a lot of M2M devices the secure element will most likely be implemented in the form of a surface mounted chip or chip module without the possibility of providing the secure element with the necessary subscription credentials beforehand. Consequently, once in the field, these M2M devices and their non-personalized secure elements require the provision of subscription credentials over-the-air.
When using the services provided by a MNO, in particular communicating via the PLMN provided by the MNO, the user of a mobile terminal is usually charged a certain monthly fee by the MNO. If the mobile user wants, for instance due to a lower monthly charge and/or superior services, to change to a different MNO, he generally has to manually replace the SIM provided by the current MNO and containing, in particular, the subscription credentials necessary for attaching to the PLMN of the current MNO by the SIM provided by the new MNO and containing the subscription credentials necessary for attaching to the PLMN of the new MNO. Certainly, it would be easier for the user, if instead of this conventional process of switching to a new MNO by manually replacing the SIM it would be possible to use one and the same secure element in the form of a SIM that can be “reprogrammed” over-the-air. However, as different MNOs often use different authentication algorithms for the SIM attachment process it is generally not sufficient to simply download new subscription credentials to the SIM. Rather, the SIM has to be provided over-the-air with a new complete subscription profile, including subscription credentials, applications and/or at least parts of a SIM operating system. Methods providing for this possibility are not known from the prior art or at best rather cumbersome.
In light of the above, the problem addressed by the present invention is to provide for methods and devices that allow providing the secure element of a mobile terminal over-the-air with a subscription profile.